6 matches found
Cross site scripting
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
CVE-2021-32712
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview...
Code injection
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the...
Code injection
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older version...
CVE-2021-32710 Potential Session Hijacking in Shopware
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older version...
Denial of Service via Cache Flooding
Impact Denial of Service via Cache Flooding Patches We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of 6.1...